package com.das.cloudmetro.ssoserver.rs.filter;

import com.das.cloudmetro.ssoserver.security.jwt.JwtTokenService;
import com.das.framework.common.extvo.LoginInfo;
import com.das.framework.common.extvo.ResultVO;
import com.das.framework.common.extvo.TokenVo;
import com.das.framework.common.utils.Tools;
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.ext.Provider;
import org.jboss.resteasy.core.ResteasyContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
@Provider
public class AuthorizationRequestFilter implements ContainerRequestFilter {

    protected static Logger log = LoggerFactory.getLogger(AuthorizationRequestFilter.class);

    @Value("${dascloud.authrization.enabled: true}")    // 默认值
    private Boolean authrizationEnabled;


    @Value("${dascloud.authrization.token-header: JwtToken}")   // 默认值
    private String tokenName;


    @Autowired
    private JwtTokenService jwtTokenService;

    public AuthorizationRequestFilter() {
    }

    public void filter(ContainerRequestContext requestContext) throws IOException {

        // 请求的 uri
        log.info("jaxrs request filter：" + requestContext.getUriInfo().getAbsolutePath().toString());


        requestContext.setProperty("start_time", System.currentTimeMillis());


        if (this.authrizationEnabled) {

            String jwtToken = requestContext.getHeaderString("JwtToken");

            String authKey = requestContext.getHeaderString("AuthKey");

            MultivaluedMap<String, String> map = requestContext.getUriInfo().getQueryParameters();


            if (Tools.StringIsNullOrSpace(jwtToken)) {
                jwtToken =  map.getFirst("JwtToken");
            }

            if (Tools.StringIsNullOrSpace(authKey)) {
                authKey =   map.getFirst("AuthKey");
            }

            if (Tools.StringIsNullOrSpace(jwtToken)) {    // JwtToken 为空


                //  拦截, 停止继续请求
                this.stopAccess(requestContext, "403", "未认证的请求");
            }

            try {

                // 从 jwtToken 中解析 公开的 userInfo
                LoginInfo loginInfo = this.jwtTokenService.getInfoFromToken(jwtToken);


                // 放入到 ResteasyContext 上下文中
                ResteasyContext.pushContext(LoginInfo.class, loginInfo);




                //
                ResteasyContext.pushContext( TokenVo.class, null);


            } catch (Exception var6) {

                log.warn(var6.getMessage(), var6);

                //  拦截, 停止继续请求
                this.stopAccess(requestContext, "401", "请求拒绝：未认证或认证失败!");
            }

        }
    }

    private void stopAccess(ContainerRequestContext requestContext, String code, String message) {


        requestContext.abortWith(Response.status(Status.UNAUTHORIZED).entity(new ResultVO(false, message, code)).build());


    }
}
